undefined | Better HN

0 pointstptacek12y ago0 comments

What are you talking about? Microsoft doesn't source even an appreciable fraction of the exploits for exploitable bugs in Microsoft products. There is a 9-figure business in reversing WinAPI software, discovering vulnerabilities in it, and weaponizing them with exploit code. Microsoft is a bystander to that industry.

0 comments

4 comments · 2 top-level

belorn12y ago· 2 in thread

I would not call Computer Online Forensic Evidence Extractor (COFEE) to be a bystander. Might be small in the grand scheme of things, but password decryption, data and volatile memory extraction is commonly associated with exploit kits for a reason. It uses vulnerabilities in windows in order to bypass the need to ask for permission.

If a company develop a kit that exploits the internal design of their own product, you are not a bystander. Bystanders do not sell exploit kits.

tptacekOP12y ago

Are you seriously comparing a crappy forensics tool to a modern exploit kit?

Do you think Wietse Venema and Dan Farmer are suspicious for having released The Coroner's Toolkit? Should we all stop running Postfix now?

belorn12y ago

In what way is The Coroner's Toolkit using postfix vulnerabilities?

The only relationship those two project has is that they share the same developer. COFEE however exploit microsoft own products.

It seems you are arguing that trust is not effected if companies first sells a product, then sells exploits for that product in secret. It may be small, or unimportant, or old product, but it doesn't really matter to me. Trust is not something that should be given out lightly.

atmosx12y ago

You mean that Microsoft is a victim, who is actively fighting against this 9-figure business, not just a bystander.

Otherwise why bother with exploits, just build good, solid C# backdoors and get over with it already.

j / k navigate · click thread line to collapse